My library

+ Add to library


Dr.Web is always up to date

The Doctor Web virus-monitoring service collects samples of malicious files all over the Internet.

In just one day the Doctor Web virus laboratory receives up to a million and more potentially malicious samples.

We have been studying malware since 1992—few players in the market have accumulated so much experience.

Some of the files received aren't malware. And, of course, some samples are duplicates. However, they must all be processed by our security researchers. It’s not feasible to process millions of samples per month manually. That's why Doctor Web specialists created a "robot-analyst" — it parses received samples and creates signatures for those considered malicious or potentially dangerous. Automation frees virus analysts up so that they can spend their time examining only complex samples of malicious programs that cannot be processed automatically. That’s one reason why our company is able to keep the system-curing quality of our Dr.Web products at the very highest level in the information security industry.

The Dr.Web virus database is unique

Just a single entry allows hundreds or even thousands of similar malicious files to be detected — including those that may be created by cybercriminals in the future.

Doctor Web regularly purges these databases of duplicate entries without impacting the quality of detection. An anti-virus should not slow a system down!

The Dr.Web virus databases possess a unique feature—an algorithm for searching for signatures in the virus databases, as well as in the firewall’s and behaviour analyser’s rules databases, which means the search time does not increase if the number of database entries increases.

Intelligent updating of definitions for related viruses can automatically result in new malware definitions being added to the virus database, which reduces the time needed to respond to a malicious attack.

With Dr.Web virus databases kept small, a constant increase in system requirements is not needed. Updates remain small, while the quality of detection and curing remains at the same traditionally high level.

Malware-detection routines based on machine-learning algorithms

To detect malicious JavaScript code

Every day, the Doctor Web virus laboratory receives up to a million potentially malicious samples.

Some of the files we receive aren't malware. However, they must all be processed by our security researchers. The huge flow of malicious programs received by Doctor Web's virus laboratory for analysis allow us to break down the data into specific sections and identify which sections are exhibiting malicious behaviour.

Starting with version 11.5, Dr.Web solutions use detection rules based on machine-learning algorithms — SpIDer ML Anti-Script technologies.

  • Thanks to this new technology, Dr.Web SpIDer Guard can detect even more of the latest unknown malware programs in scripting language files, without having to wait for the virus databases to be updated.
  • Detection rules, created by a machine-learning system based on the knowledge of what constitutes malicious code, allow Dr.Web SpIDer Guard to "predict" a program’s behaviour before its malicious content is launched and neutralise it.
  • The most complex mathematical algorithms of the machine-learning system allow new rules for detecting malicious programs to be created automatically — without the involvement of virus analysts and almost instantly.
  • Dr.Web incorporates many technologies that protect against the latest malicious programs, without involving virus databases. New technologies based on machine learning have taken the detection quality of such programs to an even higher level!
  • Thanks to this new technology, the Dr.Web virus database stores the minimum amount of information, and the detection quality only improves with the record-low number of false positives.

Note that pure signature-based anti-viruses — i.e., those that detect malware only according to the definitions in their virus databases — died out in the 1990s, when ever-changing polymorphic viruses that could not be detected by their signatures appeared (by the way, this led to the emergence of the Dr.Web anti-virus).

If anti-viruses today were able to recognise new viruses only according to the entries in their virus databases, these databases would be so large that no computer’s memory could accommodate them, scanning would take ages, and PC performance would be severely handicapped.

Non-signature technologies and Preventive protection technologies help Dr.Web protect against threats not yet known to its virus database.